Solved: Splunk Forwarder Service/ Windows Infrastructure A...

mgrasber · ‎12-01-2015

Hi Guys - apologies ahead of time for my ignorance as I'm a rookie.

I have the splunk forwarder installed on a DC running 2012 R2. Service runs fine with no apps installed. When I stop the service, install TA-DNSServer-NT6 and TA-DomainController-NT6 for the windows infrastructure splunk app, and restart the service, Windows Powershell hovers consistently at 50+% CPU in task manager. Memory usage starts around a few hundred MB and grows by about 3mb/s without stopping. Right now it's at about 2050mb of memory.

All the correct information looks like it's being collected in splunk. I can see LDAP information, DS client binds, etc...

We have 2 other DCs on 2008 R2 that are forwarding information using the Splunk App For AD and the task manager shows no similarities.

Any help would be appreciated. Thanks!

mgrasber · ‎12-01-2015

I'm an idiot - Didn't even notice that there is an addon specifically for 2012 R2 that comes with this app (TA-DomainController-2012R2). Will leave this here just in case anyone else has the same brain fart. Thanks everyone.

View solution in original post

mgrasber · ‎12-01-2015

I'm an idiot - Didn't even notice that there is an addon specifically for 2012 R2 that comes with this app (TA-DomainController-2012R2). Will leave this here just in case anyone else has the same brain fart. Thanks everyone.

Splunk Forwarder Service/ Windows Infrastructure App Causing PowerShell.exe to use 50% CPU + continuously growing Memory

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...